package com.kx.web;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

import java.util.Arrays;

/**
 * Demo controller showing the two Apache Shiro authorization styles on the
 * {@code order} endpoints: programmatic checks against the current
 * {@link Subject}, and declarative checks via Shiro annotations.
 *
 * <p>NOTE(review): neither mapping restricts the HTTP method, so both handlers
 * are reachable with any verb. If these become real state-changing endpoints,
 * confirm the method restriction and CSRF protection.
 */
@Controller
@RequestMapping("order")
public class OrderController {

    /**
     * Programmatic authorization: reports "saved" only when the current subject
     * holds both the {@code user} and {@code admin} roles.
     *
     * <p>Both outcomes only print a message and then take the same redirect;
     * the denied branch does not produce a distinct response. Any real
     * persistence added here must sit strictly inside the allowed branch.
     *
     * @return redirect to the index page, regardless of the check result
     */
    @RequestMapping("save")
    public String save() {
        // Resolve the subject bound to the current request/thread.
        final Subject currentUser = SecurityUtils.getSubject();
        // 1. Programmatic authorization: every listed role is required.
        final boolean allowed = currentUser.hasAllRoles(Arrays.asList("user", "admin"));
        System.out.println(allowed ? "保存订单!" : "无权访问!");
        return "redirect:/index.jsp";
    }

    /**
     * Declarative authorization plus an additional programmatic role check.
     *
     * <p>The {@code @RequiresPermissions} annotation is only enforced when
     * Shiro's annotation interception is enabled for this controller bean;
     * that configuration is not visible in this file, so verify it before
     * relying on the annotation as the gate.
     *
     * <p>NOTE(review): the permission string uses the {@code user} domain
     * although the handler deletes an order; confirm it is the intended one.
     *
     * @return redirect to the index page, regardless of the role check result
     */
    @RequestMapping("delete")
    // 2. Annotation-based authorization.
    // Alternative role-based gate, currently disabled: @RequiresRoles("admin")
    @RequiresPermissions("user:delete:01") // checks a permission string, not a role
    public String delete() {
        // Programmatic check layered on top of the annotation.
        final boolean isAdmin = SecurityUtils.getSubject().hasRole("admin");
        if (!isAdmin) {
            System.out.println("无权访问!");
        } else {
            System.out.println("删除订单!");
        }
        return "redirect:/index.jsp";
    }
}
